Substituting cyber reporting with continuous monitoring carries risks

September 19, 2011
FedCyber Wire, Technology

via Nextgov

An Obama administration decision to relax agency reporting rules for complying with cybersecurity mandates by instead requiring automated data feeds about threats could relegate risk management to a back-office function and leave senior executives out of the loop, some auditors say.

This year’s instructions for adhering to the 2002 Federal Information Security Management Act, to the delight of some information technology managers, say that continuous monitoring will replace the current costly, time-consuming process of reauthorizing systems after upgrades or at least every three years.
